Phishing still number one method for cyber-attacks

Microsoft says hackers are going for the 'low-hanging fruit'.

Shares

Microsoft has just released its annual cybersecurity report and it says that phishing is still the most popular way for cyber-criminals to attack, giving security experts everywhere headaches.

To create the report, Microsoft scanned more than 400 billion emails, 450 billion authentications and 1.2 billion devices. More than half (53 per cent) of all email threats are phishing ones. Three quarters (75 per cent) contain a malicious URL.

“As software vendors incorporate stronger security measures into their products, it is becoming more expensive for hackers to successfully penetrate software. By contrast, it is easier and less costly to trick a user into clicking a malicious link or opening a phishing email,” Microsoft said.

“In 2017 we saw “low-hanging fruit” methods being used such as phishing — to trick users into handing over credentials and other sensitive information. In fact, phishing was the top threat vector for Office 365-based threats during the second half of 2017.”

Second biggest threat are 'leaky cloud apps'. Microsoft says just three per cent of them support HTTP protection methods, while 86 per cent of them do not encrypt data, at all.

“Other low-hanging fruit for attackers are poorly secured cloud apps. In our research, we found that 79 per cent of SaaS storage apps and 86 per cent of SaaS collaboration apps do not encrypt data both at rest and in transit.”

Ransomware is still popular, as well, mostly in Myanmar, Bangladesh and Venezuela, where the encounter rates were highest average (0.48 per cent, 0.36 per cent and 0.33 per cent, respectively).

On the other hand Japan, USA and Finland have had the lowest average monthly encounter rates, at just 0.03 per cent.